Reset service principal credentials
If you lose your service principal credentials, reset the credentials using az ad sp credential reset. This step details how to reset your service principal password or certificate.
Warning
While learning to manage Azure service principals, returning passwords and credential locations in your terminal, and consequently in your log file, is common. However, when outside of a testing environment, store credential output in a variable.
Reset credentials returning output to the console and log file
Use az ad sp credential reset command to create a new password or certificate for your service principal. If you don't know the ID associated with your service principal, use the az ad sp list
command as explained in Get an existing service principal.
Reset a service principal password.
az ad sp credential reset --id myServicePrincipalID
Console output showing the new password in the console. This information is also written in the log.
{
"appId": "myServicePrincipalID",
"password": "myServicePrincipalNewPassword",
"tenant": "myTenantID"
}
Reset a service principal credential with a new self-signed certificate.
az ad sp credential reset --id myServicePrincipalID --create-cert
Console output showing the new certificate location in the console. This information is also written in the log.
{
"appId": "myServicePrincipalID",
"fileWithCertAndPrivateKey": "myLocation/myPemFileName.pem",
"password": null,
"tenant": "myTenantID"
}
Reset credentials storing output in a variable
To avoid storing credentials in your log file, use the --query
parameter to store output in a variable. When testing, use the echo
command to see the value of your variable, but understand that echo
writes to the log.
Reset a service principal credential with a password.
# Bash script
myNewPassword=$(az ad sp credential reset --id myServicePrincipalID --query password --output tsv)
# the echo command writes to the log file
# only use it when testing
echo $myNewPassword
Next Steps
Now that you've learned how to reset your service principal credentials, proceed to the next step to see how to clean up tutorial resources.